by binthere 3483 days ago
I think that the problem for quick and easy memorization is that it could also be easy for an algorithm to crack it.

For example you have:

[qWeRtY4$] + [bananas] + [ibdlfsofxt]

If your password is exposed:

[qWeRtY4$] = remains the same for all passwords

[bananas] = remains the same for all passwords

[ibdlfsofxt] = changes for all passwords

Cracking the part that "changes" is probably not going to be difficult for a machine since you are associating the place name (hackernews or aws) with the part that changes (same number of characters). Then it won't take long for a machine to guess that you are replacing with the next alphabet letter or something else that is easy for a human to remember.

In that sense, I believe QWERTY cards are a bit more secure in this sense since it's just random characters assigned to each key, and each card is unique. It takes away the "easy to remember" part since you will have to look at the card, but it will be some orders of magnitude harder for a machine to guess it.

After multiple breaches, however, your encryption table might be exposed too. At this point you will have to change your passwords and get a new card. Probably do it every 3 months?

I don't know, sounds like a lot of work and maybe too paranoid, but I'm hopeless when thinking about password creation and making it easy to remember.
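An added example, not part of the comment above: a self-audit sketch for the two schemes it compares. It checks whether a password embeds the site name under a fixed alphabet shift, and estimates how much of a per-key card is revealed by each exposed password. The function names are hypothetical, and it assumes the card password is built by looking up each letter of the site name and that exposed passwords are known in plaintext.

```python
import string

LETTERS = string.ascii_lowercase

def _letters(site):
    # Keep only a-z so the shift arithmetic below is well defined.
    return [c for c in site.lower() if c in LETTERS]

def caesar_shift_of(site, password):
    """Return k (1..25) if the password contains the site name shifted by k
    letters, else None. Short site names can match by coincidence."""
    name = _letters(site)
    if not name:
        return None
    for k in range(1, 26):
        shifted = "".join(LETTERS[(LETTERS.index(c) + k) % 26] for c in name)
        if shifted in password.lower():
            return k
    return None

def exposed_card_keys(breached_sites):
    """Card keys revealed once the passwords for these sites are exposed
    (assumption: one card entry is used per letter of the site name)."""
    return {c for site in breached_sites for c in _letters(site)}

def coverage(site, exposed):
    """Fraction of a site's letters whose card entry is already revealed."""
    name = _letters(site)
    return sum(c in exposed for c in name) / len(name)

if __name__ == "__main__":
    # Constructed sample: the password layout from the comment.
    pw = "qWeRtY4$" + "bananas" + "ibdlfsofxt"
    print("shift found in site part:", caesar_shift_of("hackernews", pw))
    # Constructed breach history for a card-based scheme.
    seen = exposed_card_keys(["hackernews"])
    for site in ("aws", "github"):
        print(site, "card coverage after one exposure:", round(coverage(site, seen), 2))
```

A coverage value near 1.0 for a site means the card no longer protects that site's password, which is the point at which the card and the passwords derived from it should be replaced.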